<?php
// <copyright file="AuthenticationType.cs" company="NQtec">
// Copyright (c) 2008, 2009 All Right Reserved, http://www.dqer.com/
// Copyright (c) 2008, 2009 All Right Reserved, http://www.nqtec.com/
//
// This source is part of the DQER library that released under the LGPL.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// </copyright>
// <author>Victor Gatkov</author>
// <email>v.gatkov@nqtec.com</email>
// <email>info@dqer.com</email>
// <date>2008-09-11</date>
// <summary>Contains a base, abstract class for an AuthorisationPolicyProvider</summary>

class UsrDb {

   function UsrDb() {
   }

   function check_upword($uname,$pass) {
     return $this->check_pword($this->get_uid($uname),$pass);
   }

   function get_data($uid,$type) {
       global $database;
       $q    = "SELECT `data` FROM `".TBL_DATA."` WHERE `uid`='$uid' AND `type`='$type' LIMIT 1";
       $res  = $database->do_query($q);
       if ($row=mysql_fetch_array($res)) {
           $data  = $row['data'];
       }
       return $data;
   }
   function get_uid($uname) {
       global $database;
       $q    = "SELECT `uid` FROM ".TBL_DATA." WHERE `data`='$uname' AND `type`='uname' LIMIT 1";
       $res  = $database->do_query($q);
       if ($row=mysql_fetch_array($res)) {
           $data  = $row['uid'];
       }
       return $data;
   }

   function check_pword($uid,$pass,$xb='1010') {
//       global $session;

       $chpass = $this->get_data($uid,'pword');;

       if (PASS_ENC) { 
//           $ss     = $session->get_xb();
           if(PASS_ENC_PARANOID){$cp=SHA256::hash($chpass.":".$xb);}else{$cp=$chpass;}
//           $session->set_xb(0);
       } else {
           $cp     = $chpass;
           $pass   = SHA256::hash($pass);
       }

       if ($pass==$cp)  return true;
       else return false;
   }




   function uuid($uid) {
       global $database;
      $q      = "SELECT * FROM ".TBL_DATA." WHERE `uid`='$uid'";
      $res    = $database->do_query($q);
      return mysql_numrows($res);
   }
// ---0
   function uuname($uname) {
       global $database;
      $q      = "SELECT * FROM ".TBL_DATA." WHERE `data`='$uname' AND `type`='uname'";
      $res    = $database->do_query($q);
      return mysql_numrows($res);
   }



// ---1
   function create_new_uid() {
       do {
        $uid = substr(md5(uniqid(rand(),true)),16); // uid fixed length == 16HEX == 64bit, more than enough..
       } while ($this->uuid($uid));
       return $uid;
   }
   function create_new_uname($uid) {
       global $database;
       $ts = time();
       do {
        $uname = $this->genstr();
       } while ($this->uuname($uname));
       $q = "INSERT INTO ".TBL_DATA." (`uid`, `data`, `type`, `ts`) VALUES ('$uid', '$uname', 'uname', '$ts')";
       $result = $database->do_query($q);
       return $result;
   }
//--2
   function create_new_pword($uid) {
       global $database;
       $ts = time();
       $pass = rand(10101010, 98989898);
       $q = "INSERT INTO ".TBL_DATA." (`uid`, `data`, `type`, `ts`) VALUES ('$uid', '$pass', 'opass', '$ts')";
       $result = $database->do_query($q);
       $pword = SHA256::hash($pass);
       $q = "INSERT INTO ".TBL_DATA." (`uid`, `data`, `type`, `ts`) VALUES ('$uid', '$pword', 'pword', '$ts')";
       $result = $database->do_query($q);
       return $result;
   }
   function create_new_ulevel($uid,$ulv) {
       global $database;
       $ts = time();
       $q = "INSERT INTO ".TBL_DATA." (`uid`, `data`, `type`, `ts`) VALUES ('$uid', '$ulv', 'ulevel', '$ts')";
       $result = $database->do_query($q);
       return $result;
   }
//--2
   function ulog($uid,$data,$st) {
       global $database;
       $ts       = time();
       $rip      = $this->rip();
       if (!$st) $st = 0;
       $q        = "INSERT INTO ulog (`uid`, `action`, `status`, `ip_from`, `ts`) VALUES ('$uid', '$data', '$st', '$rip', '$ts')";
       $result   = $database->do_query($q);
       return $result;
   }


// ------------ OUT !!!!!!!!!!!!!!!!!!!!

function genstr($level=2,$length=8){
   list($usec, $sec) = explode(' ', microtime());
   srand((float) $sec + ((float) $usec * 100000));

   $validchars[1] = "0123456789";
   $validchars[2] = "abcdfghjkmnpqrstvwxyz";
//   $validchars[4] = "abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
   $validchars[3] = "0123456789abcdfghjkmnpqrstvwxyz";
   $validchars[4] = "0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
   $validchars[5] = "0123456789_!@#$%&*()-=+/abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%&*()-=+/";

   $sst = ""; $counter = 0;

   while ($counter < $length) {
     $actChar = substr($validchars[$level], rand(0, strlen($validchars[$level])-1), 1);

     // All character must be different
     if (!strstr($sst, $actChar)) {
        $sst .= $actChar;
        $counter++;
     }
   }

   return $sst;
}

 function rip() {
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "127.0.0.1")) $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "127.0.0.1")) 
    $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "127.0.0.1"))
    $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "127.0.0.1"))
    $ip = $_SERVER['REMOTE_ADDR'];
    else $ip = "127.0.0.1";
   return($ip);
 }

};
?>
